How to spot scam emails | Fin24

How to spot scam emails

Jan 17 2016 17:35

Cape Town - One of the primary ways your email account can be hacked is through so-called phishing emails.

Statistics show that in 69% of cases, if you just click on the phishing email or link, you will download a virus (malware) onto your device. If hackers get access to your email account, they can access your personal information and commit fraud.

Kevin Hogan, fraud risk manager at Investec Private Banking, provides tips to help you identify these emails:

Hover over "From"

Probably the easiest way to tell whether an email is legitimate is to hover your mouse pointer over the name in the "From" column. You will be able to tell if the email is from a recognisable domain that is linked to the actual sender name.

For example, an email from should typically have the "From" domain of "" (not "" or "").

Check if the website address (URL) is legitimate

Another check you can do is to hover over the website address (link) in an email. Make sure the link is legitimate and uses encryption (https://). To be extra cautious, always open a new window and go to the site directly without clicking on the link in the email.

Check for incorrect grammar and spelling

Many hackers misspell words on purpose. While it may seem that this would easily reveal an illegitimate email, it is actually a tactic they use to find less savvy users. If hackers get a response from a poorly written email, they know the individual is an easy target.

Only plain text or absence of logos

Most legitimate emails are a mix of text and images and written with HTML. A phishing email may be without any images or company logos. If the email is all plain text and looks different from what you usually get from a sender, it is best to ignore the email.

The message body is an image

A common tactic of many hackers is to use an image only for the entire message. Legitimate emails are a mix of text and images. As an extra precaution, check for embedded links within the image (hover over it).

It requests personal information

A common tactic is an urgent email alert requesting you to provide and/or update your personal information about an account (for instance bank account details or account password). Because of this "urgent" request, you might be more tempted to click on a malicious web address or download an attachment. By doing this, your computer could be infected or your personal information stolen.

It contains suspicious attachments

The majority of financial institutions or retailers will not send out attachments by email. If an email in your inbox claims to be from your bank and it has an attachment, be very careful. High-risk attachment file types include .exe, .scr, .zip, .com and .bat.

Urgent or too good to be true

If an email seems too good to be true, it most likely is. Be cautious about any message offering to transfer money into your bank account by simply "clicking here". Also, if the content urges you to "click into your account now", it is most likely a scam and you should mark it as "junk".

Your email address listed as the "From" address

If your email address is the "From" address, it is a sign of a fake message. In addition, if the "To" field shows a large list of recipients, you should also be cautious. Legitimate emails are sent directly to you and only you.

You may see "undisclosed recipients" and this is something to keep an eye on as well. It could be valid, but double check by using the other tips above.

IP (Internet Protocol) reputation

If you can easily identify the sending IP of an email, you can look up its reputation through Return Path’s Sender Score site. This tool will reveal a score (0-100) and will be able to give you more insight into IPs' historical performance. The lower the score, the more likely the email is a phishing or spoofing attempt.
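
Several of the checks above can be automated: your own address in "From", links that do not use https or whose visible text names a different domain than the real target, and the high-risk attachment types. The following Python is an added example, not part of the original article or of Investec's advice; the function names, flag strings and the sample message are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit
RISKY_EXT = (".exe", ".scr", ".zip", ".com", ".bat")  # file types named in the article

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, self._text.strip()))
            self._href = None

def check_email(msg, my_address):  # returns warning flags; flag names are illustrative
    flags = []
    if my_address.lower() in [a.lower() for _, a in getaddresses(msg.get_all("From", []))]:
        flags.append("from-is-own-address")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append("risky-attachment:" + name)
        if part.get_content_type() != "text/html":
            continue
        parser = Links()
        parser.feed(part.get_content())
        for href, text in parser.found:
            url = urlsplit(href)
            host = (url.hostname or "").removeprefix("www.")
            if url.scheme != "https":
                flags.append("link-not-https:" + href)
            shown = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text.lower())
            dom = shown.group(0).removeprefix("www.") if shown else ""
            if dom and host != dom and not host.endswith("." + dom):  # text names another site
                flags.append("link-text-mismatch:" + dom)
    return flags

def sample():  # constructed message for demonstration, not real mail
    m = EmailMessage()
    m["From"], m["To"] = "Your Bank <me@example.com>", "me@example.com"
    m.set_content('<a href="http://login.example.net/x">www.example.com</a>', subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="statement.exe")
    return m
```

Calling check_email(sample(), "me@example.com") returns one flag per tip the constructed message trips. An empty list means only that none of these particular checks fired, not that the message is safe.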
